This is documented in crypt(3)’s manpage, which you can find via shadow(5)’s manpage, or passwd(5)’s. Those links are appropriate for modern Linux-based systems; the description there is:
If salt is a character string starting with the characters "$id$" followed by a string optionally terminated by "$", then the result has the form:
$id$salt$encrypted
id identifies the encryption method used instead of DES and this then determines how the rest of the password string is interpreted. The following values of id are supported:
ID | Method ───────────────────────────────────────────────────────── 1 | MD5 2a | Blowfish (not in mainline glibc; added in some | Linux distributions) 5 | SHA-256 (since glibc 2.7) 6 | SHA-512 (since glibc 2.7)
Blowfish, also known as bcrypt, is also identified by prefixes 2, 2b, 2x, and 2y (see PassLib’s documentation).
So if a hashed password is stored in the above format, you can find the algorithm used by looking at the id; otherwise it’s crypt’s default DES algorithm (with a 13-character hash), or “big” crypt’s DES (extended to support 128-character passwords, with hashes up to 178 characters in length), or BSDI extended DES (with a _ prefix followed by a 19-character hash).
Some distributions use libxcrypt which supports and documents quite a few more methods:
y: yescryptgy: gost-yescrypt7: scryptsha1: sha1cryptmd5: SunMD5
Other platforms support other algorithms, so check the crypt manpage there. For example, OpenBSD’s crypt(3) only supports DES (which is the default since Unix V7) and Blowfish, which it identifies using the id “2b”.
